This is meant to be used for educational purposes and only on hosts that you own and have express permission
to perform testing. I am not liable for your actions and failure to follow these stipulations and those set 
forth in the LISENCE will result in - well - consequences from the law. 

They say that phishing is the leading way through which malware can infect computer systems, but my experience in the security industry tells me that we might be sleeping on a bigger threat - extensions. I made this project as an answer to the question:

If my grammarly extension wanted to, just how much harm could it do?

In-Former was designed originally as a dynamic information stealer, focusing on ingesting data from non-static sources (i.e., not hardcoded), but now includes malware injection capabilities, and many more features to come. Listed below is a list of features that this malicious extension provides.

1. URL Tracking: Keeps a history of the websites you visit and records relevant data such as time of visit, etc.
2. Credential Stealing: Upon a page load, it can inject event listeners that keep track of information in html input tags.
3. Stealthy Targeted Malware Injection: Given a hard-coded set of websites and matching payloads, it can replace all download links to a malicious payload (changes the a tag's href attribute on clickup and then sets a timeout after which it is reset to its original value).
4. Discord Webhook Payload Delivery: Sends all of the information above using discord webhooks.
5. Network Obfuscation: Allows user to select from various payload deployment modes to allow for better network obfuscation. For example, send data to your discord webhook only on outgoing https requests (time based detection can no longer detect this extension's traffic).

This project is for educational purposes only. Please, don't use this for harm.